Monday, November 22, 2010

These 200+ IP addresses and IP ranges were used for targeted attacks, APT malware C&Cs and targeted malware distribution (many thanks to Anon and CJ for their additions). Please note that the dates are AS registration dates for the blocks, not dates of the attacks. The attacks are mostly from 2010, some from 2009.
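A list like this is only useful once it is matched against your own traffic. The following is an added example (not code from the original post, and the addresses in it are constructed, not the post's list): it parses a blocklist in the three shapes such lists commonly use (single address, CIDR block, dash-separated range; the format is an assumption, since the list itself is not reproduced here), collapses overlapping entries, and scans sample firewall-style log lines for any src/dst address that falls inside a listed block.

```python
import ipaddress
import re

# Constructed sample blocklist (assumed format; not the original post's list).
# Entries may be a bare address, a CIDR block, or a "first - last" range.
SAMPLE_BLOCKLIST = """
# comment lines and blank lines are ignored
203.0.113.7
198.51.100.0/24
192.0.2.16 - 192.0.2.31
"""

# Constructed sample log lines in a generic key=value firewall format.
SAMPLE_LOG = """\
2010-11-22 10:01:03 src=10.0.0.5 dst=203.0.113.7 dport=443 action=allow
2010-11-22 10:01:09 src=10.0.0.9 dst=198.51.100.77 dport=80 action=allow
2010-11-22 10:02:11 src=10.0.0.5 dst=192.0.2.20 dport=8080 action=allow
2010-11-22 10:02:30 src=10.0.0.7 dst=192.0.2.40 dport=443 action=allow
2010-11-22 10:03:02 src=10.0.0.5 dst=8.8.8.8 dport=53 action=allow
"""


def parse_blocklist(text):
    """Turn blocklist lines into ip_network objects.

    A dash-separated range is converted into the minimal set of CIDR blocks
    that covers it, so every entry ends up as a network.
    """
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        if "-" in line:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in line.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(lo, hi))
        else:
            # strict=False tolerates entries such as 198.51.100.5/24
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def build_matcher(nets):
    """Return a function mapping an address string to the matching block (or None)."""
    # collapse_addresses merges overlapping/adjacent blocks and sorts them;
    # a linear scan is fine for a list of a few hundred entries.
    collapsed = list(ipaddress.collapse_addresses(nets))

    def matcher(ip_str):
        ip = ipaddress.ip_address(ip_str)
        for net in collapsed:
            if ip in net:
                return net
        return None

    return matcher


# Pull IPv4 addresses out of src=/dst= fields only, so timestamps and ports
# are never mistaken for addresses.
IP_FIELD = re.compile(r"\b(?:src|dst)=(\d{1,3}(?:\.\d{1,3}){3})")


def scan_log(log_text, matcher):
    """Return (line number, address, matched block) for every hit in the log."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for ip in IP_FIELD.findall(line):
            net = matcher(ip)
            if net is not None:
                hits.append((lineno, ip, str(net)))
    return hits


if __name__ == "__main__":
    match = build_matcher(parse_blocklist(SAMPLE_BLOCKLIST))
    for lineno, ip, net in scan_log(SAMPLE_LOG, match):
        print(f"line {lineno}: {ip} is in listed block {net}")
```

Because the dates on the list are AS registration dates rather than attack dates, a hit here says only that the address sits in a listed block; confirm it against the actual C&C or distribution behaviour before acting on it.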

Monday, November 15, 2010

Malware Type

Secure Mac: Trojan horse [...] that affects Mac OS X, including Snow Leopard (OS X 10.6), the latest version of OS X. The trojan horse, trojan.osx.boonana.a, is spreading through social networking sites, including Facebook, disguised as a video. The trojan is currently appearing as a link in messages on social networking sites with the subject "Is this you in this video?"

Thank you for bringing this situation to our attention. We have gone ahead and suspended the domain name in question. Please let us know if you find any other domain names connected to C&C servers or other malware distribution.

Regards,
Joe
GoDaddy.com Spam and Abuse Department
24/7 Abuse Department Hotline: 480-624-2505
ARID1003

Hostname: wsip-24-248-182-214.ph.ph.cox.net - Is it C&C or someone's sinkhole? Anybody?

Update 4, Nov 13 2010
-------------------------------------------------------------------------------------------
The mysundayparty.com domain is still active.
The message that was sent to the GoDaddy abuse department on Nov 10, 2010 read

November 8, 2010 Update: We plan to resolve this issue in the update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions scheduled for release during the week of November 15, 2010, mentioned in Security Advisory APSA10-05. We have assigned CVE-2010-4091 to this issue. As of today, Adobe is not aware of any exploits in the wild or public exploit code for this issue.

--------------------------------

November 4, 2010: Adobe is aware of a potential issue in Adobe Reader posted publicly today on the Full Disclosure list. A proof-of-concept file demonstrating a Denial of Service was published. Arbitrary code execution has not been demonstrated, but may be possible. We are currently investigating this issue. In the meantime, users of Adobe Reader 9.2 or later and 8.1.7 or later can utilize the JavaScript Blacklist Framework to prevent the issue by following the instructions below. Note that Adobe Acrobat is not affected by this issue.

Malware samples are available for download by any responsible whitehat researcher. By downloading the samples, anyone waives all rights to claim punitive, incidental and consequential damages resulting from mishandling or self-infection.